CN116015782B - Trust relation establishing method for multi-cloud network architecture - Google Patents

Info

Publication number
CN116015782B
Authority
CN
China
Prior art keywords
cloud
server
servers
verification
distributed cloud
Prior art date
Legal status
Active
Application number
CN202211603780.XA
Other languages
Chinese (zh)
Other versions
CN116015782A (en)
Inventor
周明星
王启旭
陈兴蜀
杨苗苗
Current Assignee
Sichuan University
Original Assignee
Sichuan University
Application filed by Sichuan University
Priority to CN202211603780.XA
Publication of CN116015782A
Application granted
Publication of CN116015782B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a trust relationship establishment method for a multi-cloud network architecture. All servers are configured with a hardware trusted platform module or a virtual trusted platform module, and a trust chain is established based on the SM3 algorithm during the trusted boot stage. The centralized remote attestation server (CRAS) initiates verification of the distributed remote attestation server (DRAS), the DRAS then verifies the physical servers, and the physical servers verify the cloud servers in a ring verification mode. Finally, the CRAS verifies the key evidence information of all servers of the distributed cloud in a single pass, and the trusted state of the distributed cloud is obtained by combining the results of the whole verification process; if the state is trusted, the trust relationship is successfully established. The invention provides a hierarchical trust establishment method that reduces the workload incurred when a single server completes the verification on its own, makes effective use of trusted computing technology to detect tampering with key components of the system, and enables different clouds in a multi-cloud network architecture to establish a complete trust relationship covering the system from power-on through to its runtime state.

Description

Trust relation establishing method for multi-cloud network architecture
Technical Field
The invention relates to the fields of cloud computing and trusted computing, and in particular to a trust relationship establishment method for a multi-cloud network architecture.
Background
With the 5G standard finalized and commercial applications beginning worldwide in 2019, 6G is rapidly becoming a research hotspot. To support massive connectivity in large-scale networking, to manage resources, routes, functions and services in a distributed way, and to cover application scenarios spanning satellite, air, land and sea, distributed management and deployment of the 6G network is an inevitable trend, and the multi-cloud network architecture can deliver considerable value in such deployments.
The multi-cloud network architecture can better manage homogeneous or heterogeneous networks and, as information technology develops, will be combined with technologies such as big data and AI to realize the convergence of cloud and network. Although cloud computing technology is mature, it still faces significant security problems; in particular, security threats in virtualization technology, such as privilege escalation and unauthorized access, inevitably bring greater security risks. Traditional technologies such as firewalls, antivirus and intrusion detection struggle to cope with attacks in complex network environments, and service providers must be able to verify whether their infrastructure is trustworthy. Only by ensuring the security and trustworthiness of the infrastructure at its source can the losses caused by attacks be avoided or reduced.
Meanwhile, the participation of multiple cloud service providers in a multi-cloud network architecture is a development trend, which raises the question of how trust relationships among multiple clouds are established. Existing research mostly builds trust evaluation models from indicators such as reputation, quality of service and feedback ratings; this approach has the drawback of relying entirely on historical behavior, so it is difficult to respond once an attack occurs. Trusted computing technology is characterized by measurement, storage and reporting, and provides security functions such as trusted boot, remote attestation, integrity checking, and encryption and decryption. Technologies such as trusted boot and remote attestation can ensure the integrity of the system's behavior from power-on through runtime, so that tampering with key components is discovered in time to prevent major losses to the system.
Disclosure of Invention
To address the virtualization security risks in a multi-cloud network architecture and the difficulty of establishing trust relationships among multiple cloud environments, the invention provides a trust relationship establishment method for a multi-cloud network architecture, so as to solve the problem of weak trust among multiple clouds.
A trust relationship establishment method for a multi-cloud network architecture comprises the following steps:
step 1: all servers in the cloud measure the key components of the system by means of trusted boot, and the results are extended into the SM3 PCR registers of a trusted platform module or a virtual trusted platform module;
step 2: the remote attestation server of the centralized cloud initiates a remote attestation request to the remote attestation server of the distributed cloud through the communication module, and the remote attestation server of the distributed cloud initiates attestation requests to all physical servers in the distributed cloud;
step 3: each physical server in the distributed cloud performs integrity verification on all cloud servers on another physical server, in a ring verification mode;
step 4: the remote attestation server of the centralized cloud obtains, by cross-cloud communication, the aggregation result of the key evidence of all servers of the distributed cloud and completes the integrity verification of all servers in a single pass; it also determines, from the results obtained over the whole verification process, whether a trust relationship with the distributed cloud can be established.
Further, step 1 specifically comprises:
step 1.1: the physical server is configured with a hardware trusted platform module supporting the SM3 algorithm, and the cloud server is configured with a virtual trusted platform module supporting the SM3 algorithm; trusted boot based on the SM3 algorithm is performed when the system is powered on, and the measurement results of the key components BIOS and Grub are extended into the SM3 PCR bank, thereby establishing the server's trust chain;
step 1.2: for the physical server, the virtual machine monitor, the virtual trusted platform module emulation software and the BIOS emulation software must also be measured, and the measurement results are stored in the SM3 PCR 11 register of the TPM.
Further, step 2 specifically comprises:
step 2.1: the remote attestation server of the centralized cloud stores reference value data for the integrity measurement log of the remote attestation server of the distributed cloud; when the remote attestation server of the centralized cloud initiates a verification request to the remote attestation server of the distributed cloud, the latter encrypts its SM3 PCR register data and integrity measurement log file and transmits them to the remote attestation server of the centralized cloud; the remote attestation server of the centralized cloud verifies that: (1) the values of PCR registers 0-7, combined according to the aggregation formula, match the first record of the integrity measurement log; (2) the integrity measurement log, combined according to the aggregation formula, matches the value of PCR register 10; (3) the integrity measurement log sent by the DRAS matches the reference value data entry for entry; the aggregation formula is:
hash=SM3(hash_old||hash_new)
where hash denotes the result of each operation, hash_old denotes the result of the previous operation, hash_new denotes the data entering the operation, "||" denotes concatenation, and SM3(·) denotes the SM3 algorithm;
step 2.2: when the remote attestation server of the distributed cloud initiates a verification request to a physical server, it verifies PCR registers 0-7 and 10 and the integrity measurement log, and additionally verifies the integrity of the virtual trusted platform module emulation software, the BIOS emulation software and the virtual machine monitor from the PCR 11 register data.
Further, step 3 specifically comprises:
step 3.1: all physical servers are numbered PS1, PS2, …, PSn, and the cloud server resources on physical server PSi are numbered Si1, Si2, …, Sim, where 1 ≤ i ≤ n, n is the number of physical servers, and m is the number of cloud servers;
step 3.2: the physical servers verify the integrity of the cloud servers in the following ring verification mode: PSi verifies the cloud servers on PS(i+1), and finally PSn verifies the cloud servers on PS1; PSi stores a list of reference values for the integrity measurement logs of the m cloud servers on the other physical server.
Further, step 4 specifically comprises:
step 4.1: reference values of the key evidence information of all servers of the distributed cloud are stored on the remote attestation server of the centralized cloud; the distributed cloud computes a result from the key evidence information of all its servers according to the evidence calculation formula and sends it to the remote attestation server of the centralized cloud; the evidence calculation formula is:
ba_new=SM3(ba_cur||ba_j),1≤j≤k
where ba_new denotes the result of the current calculation, ba_cur denotes the current aggregation result, ba_j denotes the key evidence information of the j-th server, k denotes the number of servers of the distributed cloud, "||" denotes concatenation, and SM3(·) denotes the SM3 algorithm;
step 4.2: the remote attestation server of the centralized cloud applies the evidence calculation formula to the reference values of the key evidence information of the distributed cloud, compares the result with the value sent by the distributed cloud, and thereby verifies whether integrity has been compromised;
step 4.3: the verification results of the remote attestation server of the centralized cloud on the remote attestation server of the distributed cloud, of the remote attestation server of the distributed cloud on the physical servers, of the physical servers on the cloud servers, and of the remote attestation server of the centralized cloud on all servers of the distributed cloud are combined; if verification succeeds, a trust relationship with the distributed cloud is established.
The beneficial effects of the invention are as follows. To address the trust risks and virtualization security problems that exist among multiple clouds in a multi-cloud network architecture, the invention provides a trust relationship establishment method for a multi-cloud network architecture that enhances the trustworthiness of the multi-cloud network. When the system starts, the key components in the trusted boot process are measured based on the SM3 algorithm, and on the host the virtual machine monitor, the vTPM emulation software, the BIOS emulation software and so on are measured. When the trust relationship is established, the centralized cloud verifies the DRAS, the DRAS verifies the physical servers, the physical servers verify the cloud servers, and the centralized cloud verifies all servers; the trusted state of the current distributed cloud is finally obtained, and it is determined whether a trust relationship between the two clouds is established. The method divides the trusted state of the multiple clouds in the multi-cloud network architecture into the state inside each cloud and the state between clouds, and establishes the trust relationship through hierarchical verification, which reduces the workload incurred when a single server completes the verification on its own. Trusted computing technology is used effectively to detect tampering with key components of the system, so that different clouds in the multi-cloud network architecture can establish a complete trust relationship covering the system from power-on through to its runtime state.
Drawings
Fig. 1 is a schematic diagram of a trust relationship establishment method for a multi-cloud network architecture in the present invention.
Fig. 2 is a schematic diagram of ring verification operation of a physical server to a cloud server in the present invention.
Detailed Description
The invention will now be described in further detail with reference to the drawings and to specific examples.
Fig. 1 shows a schematic diagram of the trust relationship establishment method for a multi-cloud network architecture of the present invention. The method mainly comprises trusted boot, verification of the DRAS by the CRAS, verification of the physical servers by the DRAS, ring verification of the cloud servers by the physical servers, and single-pass verification of all servers in the distributed cloud by the CRAS. The specific process is as follows:
(1) Trusted boot of the servers.
All servers in the cloud measure the key components of the system by means of trusted boot, and the results are extended into the SM3 PCR registers of a trusted platform module (TPM) or a virtual trusted platform module (vTPM).
Each physical server in the cloud is configured with a hardware TPM supporting the SM3 algorithm, and each cloud server is configured with a vTPM supporting the SM3 algorithm. Trusted boot based on the SM3 algorithm is performed when the system is powered on, and the measurement results of key components such as BIOS and Grub are extended into the SM3 PCR bank, thereby establishing the server's trust chain. For a physical server, the virtual machine monitor, the vTPM emulation software and the BIOS emulation software must also be measured, and the measurement results are stored in the SM3 PCR 11 register of the TPM.
(2) Verification of the DRAS by the CRAS.
The remote attestation server of the centralized cloud (centralized remote attestation server, CRAS) initiates a remote attestation request to the remote attestation server of the distributed cloud (distributed remote attestation server, DRAS) through the communication module, and within the distributed cloud the DRAS initiates attestation requests to all physical servers.
The CRAS stores reference value data for the integrity measurement log of the DRAS. When the CRAS initiates a verification request to the DRAS, the DRAS encrypts its SM3 PCR register data and integrity measurement log file and transmits them to the CRAS, and the CRAS verifies that: (1) the values of PCR registers 0-7, combined according to the aggregation formula, match the first record of the integrity measurement log; (2) the integrity measurement log, combined according to the aggregation formula, matches the value of PCR register 10; (3) the integrity measurement log sent by the DRAS matches the reference value data entry for entry. The aggregation formula is:
hash=SM3(hash_old||hash_new)
where hash denotes the result of each operation, hash_old denotes the result of the previous operation, hash_new denotes the data entering the operation, "||" denotes concatenation, and SM3(·) denotes the SM3 algorithm.
(3) Verification of the physical servers by the DRAS.
When the DRAS initiates a verification request to a physical server, it verifies PCR registers 0-7, PCR register 10 and the integrity measurement log, and additionally verifies the integrity of the vTPM emulation software, the BIOS emulation software and the virtual machine monitor from the PCR 11 register data.
(4) The physical servers in the distributed cloud perform integrity verification on all cloud servers on another physical server in a ring verification mode.
The ring verification of the cloud servers by the physical servers is shown in Fig. 2: each physical server in the distributed cloud performs integrity verification on all cloud servers on another physical server in a ring verification mode. The verification mechanism is as follows. First, all physical servers are numbered PS1, PS2, …, PSn, and the cloud server resources on physical server PSi (1 ≤ i ≤ n, where n is the number of physical servers) are numbered Si1, Si2, …, Sim (where m is the number of cloud servers). Next, a list of reference values for the integrity measurement logs of the m cloud servers on the other physical server is stored on PSi. Finally, the physical servers verify the integrity of the cloud servers in the following ring verification mode: PSi verifies the cloud servers on PS(i+1), and PSn verifies the cloud servers on PS1.
(5) The CRAS verifies all servers in the distributed cloud in a single pass.
The CRAS obtains, by cross-cloud communication, the aggregation result of the key evidence of all servers of the distributed cloud and completes the integrity verification of all servers in a single pass. It also determines, from the results obtained over the whole verification process, whether a trust relationship with the distributed cloud can be established.
The CRAS stores reference values of the key evidence information (the boot_aggregate value, which represents the hash of PCR registers 0-7) of all servers of the distributed cloud. The distributed cloud then computes a result from the key evidence information of all its servers according to the evidence calculation formula ba_new=SM3(ba_cur||ba_j) (1 ≤ j ≤ k) and sends it to the CRAS, where ba_new denotes the result of the current calculation, ba_cur denotes the current aggregation result, ba_j denotes the key evidence information of the j-th server, k denotes the number of servers of the distributed cloud, and "||" denotes concatenation. Finally, the CRAS computes the aggregation result from its reference values of the key evidence information of the distributed cloud, compares it with the value sent by the distributed cloud, and thereby verifies whether integrity has been compromised. The verification results of the CRAS on the DRAS, of the DRAS on the physical servers, of the physical servers on the cloud servers, and of the CRAS on all servers of the distributed cloud are combined; if verification succeeds, a trust relationship with the distributed cloud is established.
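The log replay from part (2) (checks (2) and (3)), the ring assignment from part (4) and the single-pass aggregate check from part (5), as an added Python example that is not part of the patent text. The pure-Python SM3, the all-zero starting value for the fold, the function names and the sample data are assumptions made for illustration; the patent specifies neither a starting value nor the order in which servers are aggregated.

```python
import struct

# Pure-Python SM3 (GB/T 32905-2016) so the example runs without extra packages.
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M = 0xFFFFFFFF

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _M

def sm3(msg: bytes) -> bytes:
    # Padding: 0x80, zero bytes, then the 64-bit big-endian bit length.
    data = msg + b"\x80" + bytes((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    v = list(_IV)
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for j in range(16, 68):                      # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):                          # compression rounds
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            a12 = _rotl(a, 12)
            ss1 = _rotl((a12 + e + _rotl(t, j)) & _M, 7)
            ss2 = ss1 ^ a12
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g & _M)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _M
            tt2 = (gg + h + ss1 + w[j]) & _M
            a, b, c, d = tt1, a, _rotl(b, 9), c
            e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
        v = [p ^ q for p, q in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)

ZERO = bytes(32)  # ASSUMED starting value (a PCR's reset state); the patent names none

def fold(items, start=ZERO):
    """hash = SM3(hash_old || hash_new), applied to each item in order."""
    acc = start
    for item in items:
        acc = sm3(acc + item)
    return acc

def verify_log(log, pcr10, reference_log):
    """Checks (2) and (3): the log replays to PCR 10 and equals the reference."""
    return fold(log) == pcr10 and list(log) == list(reference_log)

def ring_target(i, n):
    """1-based index of the physical server whose cloud servers PSi verifies."""
    return i % n + 1

def cras_verify_all(reported, reference_bas):
    """The CRAS re-folds its stored boot_aggregate references and compares."""
    return fold(reference_bas) == reported

def demo():
    # Constructed sample data: boot_aggregate values of 4 servers, a 3-entry log.
    refs = [sm3(b"constructed boot state of server %d" % j) for j in range(1, 5)]
    log = [sm3(b"constructed measurement %d" % n) for n in range(3)]
    tampered = refs[:2] + [sm3(b"modified bootloader")] + refs[3:]
    return {
        "honest": cras_verify_all(fold(refs), refs),
        "one_server_tampered": cras_verify_all(fold(tampered), refs),
        "same_values_other_order": cras_verify_all(fold(refs[::-1]), refs),
        "log_ok": verify_log(log, fold(log), log),
        "log_entry_dropped": verify_log(log[:-1], fold(log), log),
        "ring": [(i, ring_target(i, 4)) for i in range(1, 5)],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the fold is order-sensitive, both clouds must iterate the servers in the same agreed order, and a mismatch shows only that some server's evidence changed, not which one; locating it falls to the per-level checks in parts (2) to (4).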
The invention divides the trusted state of the multiple clouds in the multi-cloud network architecture into the state inside each cloud and the state between clouds, and establishes the trust relationship through hierarchical verification, which reduces the workload incurred when a single server completes the verification on its own. Trusted computing technology is used effectively to detect tampering with key components of the system, so that different clouds in the multi-cloud network architecture can establish a complete trust relationship covering the system from power-on through to its runtime state.

Claims (5)

1. A trust relationship establishment method for a multi-cloud network architecture, characterized by comprising the following steps:
step 1: all servers in the cloud measure the key components of the system by means of trusted boot, and the results are extended into the SM3 PCR registers of a trusted platform module or a virtual trusted platform module;
step 2: the remote attestation server of the centralized cloud initiates a remote attestation request to the remote attestation server of the distributed cloud through the communication module, and the remote attestation server of the distributed cloud initiates attestation requests to all physical servers in the distributed cloud;
step 3: each physical server in the distributed cloud performs integrity verification on all cloud servers on another physical server, in a ring verification mode;
step 4: the remote attestation server of the centralized cloud obtains, by cross-cloud communication, the aggregation result of the key evidence of all servers of the distributed cloud and completes the integrity verification of all servers in a single pass; it also determines, from the results obtained over the whole verification process, whether a trust relationship with the distributed cloud can be established.
2. The trust relationship establishment method for a multi-cloud network architecture according to claim 1, wherein step 1 specifically comprises:
step 1.1: the physical server is configured with a hardware trusted platform module supporting the SM3 algorithm, and the cloud server is configured with a virtual trusted platform module supporting the SM3 algorithm; trusted boot based on the SM3 algorithm is performed when the system is powered on, and the measurement results of the key components BIOS and Grub are extended into the SM3 PCR bank, thereby establishing the server's trust chain;
step 1.2: for the physical server, the virtual machine monitor, the virtual trusted platform module emulation software and the BIOS emulation software must also be measured, and the measurement results are stored in the SM3 PCR 11 register of the TPM.
3. The trust relationship establishment method for a multi-cloud network architecture according to claim 1, wherein step 2 specifically comprises:
step 2.1: the remote attestation server of the centralized cloud stores reference value data for the integrity measurement log of the remote attestation server of the distributed cloud; when the remote attestation server of the centralized cloud initiates a verification request to the remote attestation server of the distributed cloud, the latter encrypts its SM3 PCR register data and integrity measurement log file and transmits them to the remote attestation server of the centralized cloud; the remote attestation server of the centralized cloud verifies that: (1) the values of PCR registers 0-7, combined according to the aggregation formula, match the first record of the integrity measurement log; (2) the integrity measurement log, combined according to the aggregation formula, matches the value of PCR register 10; (3) the integrity measurement log sent by the DRAS matches the reference value data entry for entry; the aggregation formula is:
hash=SM3(hash_old||hash_new)
where hash denotes the result of each operation, hash_old denotes the result of the previous operation, hash_new denotes the data entering the operation, "||" denotes concatenation, and SM3(·) denotes the SM3 algorithm;
step 2.2: when the remote attestation server of the distributed cloud initiates a verification request to a physical server, it verifies PCR registers 0-7 and 10 and the integrity measurement log, and additionally verifies the integrity of the virtual trusted platform module emulation software, the BIOS emulation software and the virtual machine monitor from the PCR 11 register data.
4. The trust relationship establishment method for a multi-cloud network architecture according to claim 1, wherein step 3 specifically comprises:
step 3.1: all physical servers are numbered PS1, PS2, …, PSn, and the cloud server resources on physical server PSi are numbered Si1, Si2, …, Sim, where 1 ≤ i ≤ n, n is the number of physical servers, and m is the number of cloud servers;
step 3.2: the physical servers verify the integrity of the cloud servers in the following ring verification mode: PSi verifies the cloud servers on PS(i+1), and finally PSn verifies the cloud servers on PS1; PSi stores a list of reference values for the integrity measurement logs of the m cloud servers on the other physical server.
5. The trust relationship establishment method for a multi-cloud network architecture according to claim 1, wherein step 4 specifically comprises:
step 4.1: reference values of the key evidence information of all servers of the distributed cloud are stored on the remote attestation server of the centralized cloud; the distributed cloud computes a result from the key evidence information of all its servers according to the evidence calculation formula and sends it to the remote attestation server of the centralized cloud; the evidence calculation formula is:
ba_new=SM3(ba_cur||ba_j),1≤j≤k
where ba_new denotes the result of the current calculation, ba_cur denotes the current aggregation result, ba_j denotes the key evidence information of the j-th server, k denotes the number of servers of the distributed cloud, "||" denotes concatenation, and SM3(·) denotes the SM3 algorithm;
step 4.2: the remote attestation server of the centralized cloud applies the evidence calculation formula to the reference values of the key evidence information of the distributed cloud, compares the result with the value sent by the distributed cloud, and thereby verifies whether integrity has been compromised;
step 4.3: the verification results of the remote attestation server of the centralized cloud on the remote attestation server of the distributed cloud, of the remote attestation server of the distributed cloud on the physical servers, of the physical servers on the cloud servers, and of the remote attestation server of the centralized cloud on all servers of the distributed cloud are combined; if verification succeeds, a trust relationship with the distributed cloud is established.
CN202211603780.XA 2022-12-13 2022-12-13 Trust relation establishing method for multi-cloud network architecture Active CN116015782B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211603780.XA CN116015782B (en) 2022-12-13 2022-12-13 Trust relation establishing method for multi-cloud network architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211603780.XA CN116015782B (en) 2022-12-13 2022-12-13 Trust relation establishing method for multi-cloud network architecture

Publications (2)

Publication Number Publication Date
CN116015782A (en) 2023-04-25
CN116015782B (en) 2024-03-22

Family

ID=86034498

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211603780.XA Active CN116015782B (en) 2022-12-13 2022-12-13 Trust relation establishing method for multi-cloud network architecture

Country Status (1)

Country Link
CN (1) CN116015782B (en)

Also Published As

Publication number Publication date
CN116015782A (en) 2023-04-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant